IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Breach of the data protection peace

With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?

You don't have to read too far into the Information Commissioner's Office (ICO) website to find its mission statement. The ICO has been established to "Uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

Lone justice?

With this declaration in mind, one might naturally question the statistics pertaining to recent judiciary actions carried out by the ICO. Reports earlier this year highlighted the fact just 36 out of 2,565 data breaches were acted upon by the ICO, with only four cases resulting in monetary fines.

Security vendors from far and wide have used this apparent' shortfall in regulatory discipline as a platform for reinforcing the effectiveness of their data protection products. So as the Data Protection Act (DPA) and issues relating to information compliance gain an ever-greater number of column inches, is it time to question whether we are at an industry tipping point and about to fall?

Is it time to question whether we are at an industry tipping point and about to fall?

"The reports noting that just one per cent of data breaches have been fined by the ICO risk undermining its power to force companies to take their internal security measures seriously," said Nigel Hawthorn, vice president of EMEA marketing for Blue Coat Systems.

"When the ICO increased the maximum fine tenfold from 50,000 to half a million pounds last year, this should have sent a clear message to the market that companies needed to get their house in order. But why bother sharpening the ICO's teeth if they are not prepared to bite?"

Industry opinion appears to lay part of the blame for compliance issues on the proliferation of devices and flexibility of new work practices. Both of these factors are further fuelled by the consumerisation of IT, which makes it increasingly difficult for companies to protect data and increasingly easy to lose it.

Matthew Tomlinson, a board director at secure network specialist Secure Data, said we will see an increase in audits and fines from the ICO over the coming years, but companies really need to take responsibility for data protection and start policing themselves.

"In practice it is unrealistic for the ICO to audit every company; they do not have the resources or the capacity," he said.

"However, we are seeing larger corporations already beginning to police themselves due, foremost, to the fear of public backlash if they were to have a major data breach. You only have to look at the recent Sony data breach to see the public affect it has on the company."

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022